Confirmed users
529
edits
Security/Web Bug Rotation: Difference between revisions
Jump to navigation
Jump to search
→Verification process
| Line 28: | Line 28: | ||
# For '''NEW''' bugs | # For '''NEW''' bugs | ||
## Find an owner (typically a dev or the product manager) to assign the bug to, and needinfo her/him. Change status to ASSIGNED. | ## Find an owner (typically a dev or the product manager) to assign the bug to, and needinfo her/him. Change status to ASSIGNED. | ||
## Set the right '''[https://bugzilla.mozilla.org/describekeywords.cgi | ## Set the right '''[https://bugzilla.mozilla.org/describekeywords.cgi keywords]''' | ||
### sec-{critical,high,moderate,low,other}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Severity_Ratings severity ratings] | |||
### wsec-{authentication,cookie,xss,sqli,...}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Group_Keywords vulnerability types] | |||
## If the reporter is eligible for bounties (non-staff, non-sg), Set "sec-bounty" flag to "?" | ## If the reporter is eligible for bounties (non-staff, non-sg), Set "sec-bounty" flag to "?" | ||
## Block the appropriate meta-bug | ## Block the appropriate meta-bug | ||